hack: make bucket/region configurable

This is useful for testing the configapi CLI.
Otto Bittner 2023-08-23 15:10:20 +02:00
parent d35822cff8
commit d2071e945a
2 changed files with 73 additions and 23 deletions


@ -46,9 +46,20 @@ func (d deleteCmd) delete(cmd *cobra.Command) error {
func runDelete(cmd *cobra.Command, _ []string) error { func runDelete(cmd *cobra.Command, _ []string) error {
log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi") log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi")
region, err := cmd.Flags().GetString("region")
if err != nil {
return fmt.Errorf("getting region: %w", err)
}
bucket, err := cmd.Flags().GetString("bucket")
if err != nil {
return fmt.Errorf("getting bucket: %w", err)
}
cfg := staticupload.Config{ cfg := staticupload.Config{
Bucket: awsBucket, Bucket: bucket,
Region: awsRegion, Region: region,
} }
client, stop, err := attestationconfigapi.NewClient(cmd.Context(), cfg, []byte(cosignPwd), []byte(privateKey), false, log) client, stop, err := attestationconfigapi.NewClient(cmd.Context(), cfg, []byte(cosignPwd), []byte(privateKey), false, log)
if err != nil { if err != nil {
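Review bot: `runDelete` now deletes from whatever `--bucket` and `--region` resolve to, yet nothing in this hunk records the resolved target before the signing client is created. The flags fall back to the compiled-in `awsBucket`/`awsRegion` (see the `PersistentFlags` registration in the root command), so a test run that omits them acts on the default bucket with no trace in the output. I would add `log.Infof("Deleting from bucket %q in region %q", bucket, region)` directly above the `NewClient` call, so the target of a destructive, key-bearing operation is always visible in the log. The body of `runDelete` continues past the end of the hunk.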


@ -28,7 +28,6 @@ const (
) )
var ( var (
maaFilePath string
// Cosign credentials. // Cosign credentials.
cosignPwd string cosignPwd string
privateKey string privateKey string
@ -55,8 +54,10 @@ func newRootCmd() *cobra.Command {
PreRunE: envCheck, PreRunE: envCheck,
RunE: runCmd, RunE: runCmd,
} }
rootCmd.Flags().StringVarP(&maaFilePath, "maa-claims-path", "t", "", "File path to a json file containing the MAA claims.") rootCmd.Flags().StringP("maa-claims-path", "t", "", "File path to a json file containing the MAA claims.")
rootCmd.Flags().StringP("upload-date", "d", "", "upload a version with this date as version name.") rootCmd.Flags().StringP("upload-date", "d", "", "upload a version with this date as version name.")
rootCmd.PersistentFlags().StringP("region", "r", awsRegion, "region of the targeted bucket.")
rootCmd.PersistentFlags().StringP("bucket", "b", awsBucket, "bucket targeted by all operations.")
must(rootCmd.MarkFlagRequired("maa-claims-path")) must(rootCmd.MarkFlagRequired("maa-claims-path"))
rootCmd.AddCommand(newDeleteCmd()) rootCmd.AddCommand(newDeleteCmd())
return rootCmd return rootCmd
@ -74,12 +75,19 @@ func envCheck(_ *cobra.Command, _ []string) error {
func runCmd(cmd *cobra.Command, _ []string) error { func runCmd(cmd *cobra.Command, _ []string) error {
ctx := cmd.Context() ctx := cmd.Context()
log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi") log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi")
cfg := staticupload.Config{
Bucket: awsBucket, flags, err := parseCliFlags(cmd)
Region: awsRegion, if err != nil {
return fmt.Errorf("parsing cli flags: %w", err)
} }
log.Infof("Reading MAA claims from file: %s", maaFilePath)
maaClaimsBytes, err := os.ReadFile(maaFilePath) cfg := staticupload.Config{
Bucket: flags.bucket,
Region: flags.region,
}
log.Infof("Reading MAA claims from file: %s", flags.maaFilePath)
maaClaimsBytes, err := os.ReadFile(flags.maaFilePath)
if err != nil { if err != nil {
return fmt.Errorf("reading MAA claims file: %w", err) return fmt.Errorf("reading MAA claims file: %w", err)
} }
@ -90,19 +98,7 @@ func runCmd(cmd *cobra.Command, _ []string) error {
inputVersion := maaTCB.ToAzureSEVSNPVersion() inputVersion := maaTCB.ToAzureSEVSNPVersion()
log.Infof("Input version: %+v", inputVersion) log.Infof("Input version: %+v", inputVersion)
dateStr, err := cmd.Flags().GetString("upload-date") latestAPIVersionAPI, err := attestationconfigapi.NewFetcher().FetchAzureSEVSNPVersionLatest(ctx, flags.uploadDate)
if err != nil {
return fmt.Errorf("getting upload date: %w", err)
}
uploadDate := time.Now()
if dateStr != "" {
uploadDate, err = time.Parse(attestationconfigapi.VersionFormat, dateStr)
if err != nil {
return fmt.Errorf("parsing date: %w", err)
}
}
latestAPIVersionAPI, err := attestationconfigapi.NewFetcher().FetchAzureSEVSNPVersionLatest(ctx, uploadDate)
if err != nil { if err != nil {
return fmt.Errorf("fetching latest version: %w", err) return fmt.Errorf("fetching latest version: %w", err)
} }
@ -128,7 +124,7 @@ func runCmd(cmd *cobra.Command, _ []string) error {
return fmt.Errorf("creating client: %w", err) return fmt.Errorf("creating client: %w", err)
} }
if err := client.UploadAzureSEVSNP(ctx, inputVersion, uploadDate); err != nil { if err := client.UploadAzureSEVSNP(ctx, inputVersion, flags.uploadDate); err != nil {
return fmt.Errorf("uploading version: %w", err) return fmt.Errorf("uploading version: %w", err)
} }
@ -136,6 +132,49 @@ func runCmd(cmd *cobra.Command, _ []string) error {
return nil return nil
} }
type cliFlags struct {
maaFilePath string
uploadDate time.Time
region string
bucket string
}
func parseCliFlags(cmd *cobra.Command) (cliFlags, error) {
maaFilePath, err := cmd.Flags().GetString("maa-claims-path")
if err != nil {
return cliFlags{}, fmt.Errorf("getting maa claims path: %w", err)
}
dateStr, err := cmd.Flags().GetString("upload-date")
if err != nil {
return cliFlags{}, fmt.Errorf("getting upload date: %w", err)
}
uploadDate := time.Now()
if dateStr != "" {
uploadDate, err = time.Parse(attestationconfigapi.VersionFormat, dateStr)
if err != nil {
return cliFlags{}, fmt.Errorf("parsing date: %w", err)
}
}
region, err := cmd.Flags().GetString("region")
if err != nil {
return cliFlags{}, fmt.Errorf("getting region: %w", err)
}
bucket, err := cmd.Flags().GetString("bucket")
if err != nil {
return cliFlags{}, fmt.Errorf("getting bucket: %w", err)
}
return cliFlags{
maaFilePath: maaFilePath,
uploadDate: uploadDate,
region: region,
bucket: bucket,
}, nil
}
// maaTokenTCBClaims describes the TCB information in a MAA token. // maaTokenTCBClaims describes the TCB information in a MAA token.
type maaTokenTCBClaims struct { type maaTokenTCBClaims struct {
IsolationTEE struct { IsolationTEE struct {
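Review bot: `parseCliFlags` accepts `--bucket ""` or `--region ""` unchecked, so empty values reach `staticupload.Config` and the signed upload path. Any failure would only surface later, presumably inside the client, which this page does not show. A guard before the final return would fail early: `if region == "" || bucket == "" { return cliFlags{}, fmt.Errorf("region and bucket must not be empty") }`. The new `cliFlags` type and `parseCliFlags` also have no doc comments; something like `// parseCliFlags reads the root command's flags; the upload date defaults to time.Now() when --upload-date is unset.` would record the defaulting behaviour. The `struct` at the end of the hunk is context only and continues outside it.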